CN109803030A - An anonymous intermediate proxy server and its communication method - Google Patents
- Publication number: CN109803030A
- Application number: CN201811568091.3A
- Authority: CN (China)
- Prior art keywords: address, data packet, port, data, module
- Legal status: Pending
Abstract
The invention discloses an anonymous intermediate proxy server comprising a data transmission module, a data processing module and an intermediate proxy module. The data transmission module captures, in real time, the data packets diverted by a dedicated inline device and sends them to the data processing module, and also forwards the data packets submitted by the data processing module to the dedicated inline device. The data processing module performs address translation on a data packet according to the packet's type and a connection tracking table, and sends the translated packet to the intermediate proxy module or the data transmission module. The intermediate proxy module audits the communication content of the data packet and sends the audited packet to the data processing module. With this anonymous intermediate proxy server, audited content is sent to the server end using the data packet's source address, so the address of the intermediate proxy server is hidden, which avoids frequent access denial and the risk of malicious attack.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to an anonymous intermediate proxy server and its communication method.
Background art
As people's awareness of network security grows, many websites transmit data in encrypted form to ensure the security of data in transit. General network security audit products, which work by mirroring packets or by inline connection, cannot monitor this encrypted data, which gives criminals the opportunity to spread non-compliant and illegal information on the network.
To solve this problem, many security audit products use "man-in-the-middle proxy" technology: the data a user sends to a target server is sent to a man-in-the-middle proxy server, which relays it to the target server; when the target server's reply reaches the man-in-the-middle proxy server, the proxy server relays it to the corresponding user. While forwarding, the man-in-the-middle alters the network data, which achieves the purpose of auditing. Introducing this technology makes it possible to analyse the data of encrypted websites on the network and so achieve data monitoring. However, with current man-in-the-middle proxies, the address that communicates with the target server is always the address of the man-in-the-middle proxy server, which causes the following problems:
1. To prevent malicious attacks, some websites limit the source address: the number of accesses within a limited time must not exceed a prescribed threshold. Under heavy traffic, the data of all users is communicated through the man-in-the-middle proxy, and the source address accessing the same target server is always the man-in-the-middle's address, so there is a risk that the server denies access, which degrades the online experience of the front-end users;
2. The address of the man-in-the-middle proxy service can be discovered by malicious saboteurs, who then attack the proxy server, causing network failure and affecting users' access.
Summary of the invention
The purpose of the present invention is to provide an anonymous intermediate proxy server and its communication method.
The technical solution adopted by the present invention to solve the technical problem is as follows: an anonymous intermediate proxy server is provided for communication between a client and a server end. The client is connected to the server end through a dedicated inline device, the dedicated inline device is connected to the intermediate proxy server, and the dedicated inline device diverts the data packets that need to be proxied to the intermediate proxy server according to configured rules. The intermediate proxy server comprises a data transmission module, a data processing module and an intermediate proxy module, wherein:
The data transmission module captures, in real time, the data packets diverted by the dedicated inline device and sends them to the data processing module, and also forwards the data packets submitted by the data processing module to the dedicated inline device;
The data processing module performs address translation on a data packet according to the packet's type and the connection tracking table, and sends the translated packet to the intermediate proxy module or the data transmission module;
The intermediate proxy module audits the communication content of the data packet and sends the audited packet to the data processing module.
In the anonymous intermediate proxy server provided by the invention, when the received data packet is data sent by the client to the server end, the data processing module changes the packet's destination address and destination port to the address and port of the intermediate proxy module and then sends it to the intermediate proxy module. When the received data packet is data sent by the server end to the client, the data processing module looks up the connection tracking table by the packet's destination address and destination port, changes the packet's destination IP and destination port to the proxy address and proxy port in the matching record, and then sends it to the intermediate proxy module. When the received data packet is data sent by the intermediate proxy module to the client, the data processing module queries the connection tracking table by destination IP and destination port, changes the packet's source address and source port to the target address and target port in the matching record, and then sends it to the data transmission module. When the received data packet is data sent by the intermediate proxy module to the server end, the data processing module looks up the connection tracking table by source address and source port, changes the packet's source address and source port to the user address and user port in the matching record, and then sends it to the data transmission module.
In the anonymous intermediate proxy server provided by the invention, the connection tracking table contains multiple records, and each record contains a user address, user port, target address, target port, proxy address and proxy port.
In the anonymous intermediate proxy server provided by the invention, the data processing module is further configured to, when receiving a data packet, extract the source address, source port, destination address and destination port from the packet and look up the connection tracking table using the source address and source port; if no record is found, it creates a new record in the connection tracking table for that source address and source port and fills in the user address, user port, target address and target port.
In the anonymous intermediate proxy server provided by the invention, the intermediate proxy module is further configured to, when receiving a data packet, extract the source address and source port from the packet, look up the connection tracking table by source address and source port, and find the corresponding record; when the record does not contain a proxy address and proxy port, it fills in the proxy address and proxy port.
Correspondingly, the present invention also provides a communication method for an anonymous intermediate proxy server. The proxy server is used for communication between a client and a server end; the client is connected to the server end through a dedicated inline device, the dedicated inline device is connected to the intermediate proxy server, and the dedicated inline device diverts the data packets that need to be proxied to the intermediate proxy server according to configured rules. The method comprises the following steps:
S1. The data transmission module captures, in real time, the data packets diverted by the dedicated inline device and sends them to the data processing module;
S2. The data processing module performs address translation on the data packet according to the packet's type and the connection tracking table, and sends the translated packet to the intermediate proxy module;
S3. The intermediate proxy module audits the communication content of the data packet and sends the audited packet to the data processing module;
S4. The data processing module performs address translation on the data packet according to the packet's type and the connection tracking table, and sends the translated packet to the data transmission module;
S5. The data transmission module forwards the data packets submitted by the data processing module to the dedicated inline device.
In the communication method of the anonymous intermediate proxy server provided by the invention, step S2 comprises:
When the received data packet is data sent by the client to the server end, the data processing module changes the packet's destination address and destination port to the address and port of the intermediate proxy module and then sends it to the intermediate proxy module. When the received data packet is data sent by the server end to the client, the data processing module looks up the connection tracking table by the packet's destination address and destination port, changes the packet's destination IP and destination port to the proxy address and proxy port in the matching record, and then sends it to the intermediate proxy module;
Step S4 comprises:
When the received data packet is data sent by the intermediate proxy module to the client, the data processing module queries the connection tracking table by destination IP and destination port, changes the packet's source address and source port to the target address and target port in the matching record, and then sends it to the data transmission module. When the received data packet is data sent by the intermediate proxy module to the server end, the data processing module looks up the connection tracking table by source address and source port, changes the packet's source address and source port to the user address and user port in the matching record, and then sends it to the data transmission module.
In the communication method of the anonymous intermediate proxy server provided by the invention, the connection tracking table contains multiple records, and each record contains a user address, user port, target address, target port, proxy address and proxy port.
The communication method of the anonymous intermediate proxy server provided by the invention further comprises:
When receiving a data packet, the data processing module extracts the source address, source port, destination address and destination port from the packet and looks up the connection tracking table using the source address and source port; if no record is found, it creates a new record in the connection tracking table for that source address and source port and fills in the user address, user port, target address and target port.
The communication method of the anonymous intermediate proxy server provided by the invention further comprises: when receiving a data packet, the intermediate proxy module extracts the source address and source port from the packet, looks up the connection tracking table by source address and source port, and finds the corresponding record; when the record does not contain a proxy address and proxy port, it fills in the proxy address and proxy port.
The anonymous intermediate proxy server of the invention and its communication method have the following beneficial effects. The anonymous intermediate proxy server provided by the invention collects and transmits data through the data transmission module, translates packet addresses through the data processing module, and audits data through the intermediate proxy module. As a result, audited content is sent to the server end using the data packet's source address and the address of the intermediate proxy server is hidden. This solves the problems of existing man-in-the-middle proxy technology, which uses its own IP address when communicating with the target server: access is denied because the same IP address accesses too frequently, and the proxy server can be detected by malicious saboteurs and then attacked over the network. In addition, by establishing the connection tracking table, the data processing module can translate packet contents quickly and effectively when performing address translation, which improves network transmission efficiency, avoids duplicated work and improves the user experience.
Brief description of the drawings
Fig. 1 is a schematic diagram of the application scenario of the anonymous intermediate proxy server provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of the anonymous intermediate proxy server provided by an embodiment of the invention.
Detailed description of the embodiments
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work shall fall within the scope of protection of the present invention.
The terms "first", "second", "third", "fourth" and the like in the description, the claims and the above drawings are used to distinguish different objects, not to describe a particular order. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to such a process, method, product or device.
The present invention is further explained below with reference to the drawings and embodiments.
Fig. 1 is a schematic diagram of the application scenario of the anonymous intermediate proxy server provided by an embodiment of the invention. As shown in Fig. 1, the intermediate proxy server 10 provided by the invention is used for communication between a client 20 and a server end 30. The client 20 is connected to the server end 30 through a dedicated inline device 40, and the dedicated inline device 40 is connected to the intermediate proxy server 10. The dedicated inline device 40 diverts the data packets that need to be proxied to the intermediate proxy server 10 according to configured rules, and forwards traffic that does not need to be proxied directly, which keeps the network unobstructed. The intermediate proxy server 10 is responsible for implementing the proxy function. Note that the data packets that need to be proxied here are the data packets to be audited.
Fig. 2 is a schematic diagram of the anonymous intermediate proxy server provided by an embodiment of the invention. As shown in Fig. 1 and Fig. 2, the intermediate proxy server 10 comprises a data transmission module 110, a data processing module 120 and an intermediate proxy module 130. The data transmission module 110 captures, in real time, the data packets diverted by the dedicated inline device 40 and sends them to the data processing module 120, and also forwards the data packets submitted by the data processing module 120 to the dedicated inline device 40. The data processing module 120 performs address translation on a data packet according to the packet's type and the connection tracking table, and sends the translated packet to the intermediate proxy module 130 or the data transmission module 110. The intermediate proxy module 130 audits the communication content of the data packet and sends the audited packet to the data processing module 120.
Specifically, in an embodiment of the present invention, the data transmission module 110 needs two physical network interface cards (NIC) and two virtual network interfaces (TUN) to transmit data. NIC1 connects to the network interface of the dedicated inline device 40 that handles client data; NIC2 connects to the network interface of the dedicated inline device 40 that handles server data; TUN1 is used for data communication between the intermediate proxy module 130 and the client 20; TUN2 is used for data communication between the intermediate proxy module 130 and the server end 30. Further, NIC1 receives the data that the client 20 sends to the server end 30 and sends the data that TUN1 sends to the client; NIC2 receives the data that the server end sends to the client and sends the data that TUN2 sends to the server end; TUN1 receives the client data that the data processing module sends to the intermediate proxy module and sends the data that the intermediate proxy module sends to the client; TUN2 receives the server data that the data processing module sends to the intermediate proxy module and sends the data that the intermediate proxy module sends to the server end.
Specifically, in an embodiment of the present invention, a data packet contains a destination address, destination port, source address and source port, and the data processing module 120 translates the packet's ports and addresses according to the packet's type so that the packet can reach the next node normally. Further, when the received data packet is data sent by the client to the server end, the data processing module changes the packet's destination address and destination port to the address and port of the intermediate proxy module and then sends it to the intermediate proxy module. When the received data packet is data sent by the server end to the client, the data processing module looks up the connection tracking table by the packet's destination address and destination port, changes the packet's destination IP and destination port to the proxy address and proxy port in the matching record, and then sends it to the intermediate proxy module. When the received data packet is data sent by the intermediate proxy module to the client, the data processing module queries the connection tracking table by destination IP and destination port, changes the packet's source address and source port to the target address and target port in the matching record, and then sends it to the data transmission module. When the received data packet is data sent by the intermediate proxy module to the server end, the data processing module looks up the connection tracking table by source address and source port, changes the packet's source address and source port to the user address and user port in the matching record, and then sends it to the data transmission module. Because the data processing module performs this address translation, the address carried in the data that the intermediate proxy server sends to the server end is the data's own address rather than the address of the intermediate proxy server.
Further, in an embodiment of the present invention, the connection tracking table contains multiple records, and each record contains a user address, user port, target address, target port, proxy address and proxy port.
Further, in an embodiment of the present invention, the connection tracking table is established and maintained by the data processing module and the intermediate proxy module. Specifically, when receiving a data packet, the data processing module 120 extracts the source address, source port, destination address and destination port from the packet and looks up the connection tracking table using the source address and source port. If no record is found, it creates a new record in the connection tracking table for that source address and source port and fills in the user address, user port, target address and target port; if a record is found, a connection has already been established for that user and no new record is created. When receiving a data packet, the intermediate proxy module 130 extracts the source address and source port from the packet, looks up the connection tracking table by source address and source port, and finds the corresponding record; when the record does not contain a proxy address and proxy port, it fills in the proxy address and proxy port. That is, on receiving a data packet the intermediate proxy module first checks whether the packet's record in the connection tracking table is complete, and supplements the corresponding proxy address and proxy port for an incomplete record. By establishing the connection tracking table, the data processing module can translate packet contents quickly and effectively when performing address translation, which improves network transmission efficiency, avoids duplicated work and improves the user experience.
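The connection tracking table and the four address rewrites described above, as an added example that is not part of the patent text or any implementation by its applicant. It models packets as address/port tuples only; the class and function names, the sample addresses, and dropping a packet when no record matches are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (address, port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Record:
    # The six fields the text lists for each connection tracking record.
    user_addr: str
    user_port: int
    target_addr: str
    target_port: int
    proxy_addr: Optional[str] = None  # filled in later by the proxy module
    proxy_port: Optional[int] = None


class ConnTrack:
    """Hypothetical model of the table shared by the data processing
    module and the intermediate proxy module."""

    def __init__(self, listen: Endpoint):
        self.listen = listen  # address/port of the proxy module
        self.by_user: Dict[Endpoint, Record] = {}
        self.by_proxy: Dict[Endpoint, Record] = {}

    def client_to_server(self, pkt: Packet) -> Packet:
        # Client -> server: create the record on first sight (keyed by
        # source address/port), then redirect to the proxy module.
        self.by_user.setdefault(
            (pkt.src, pkt.sport),
            Record(pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return replace(pkt, dst=self.listen[0], dport=self.listen[1])

    def proxy_fill(self, pkt: Packet, outbound: Endpoint) -> Optional[Record]:
        # Proxy module on receipt: find the record by source address/port
        # and complete it with the proxy address/port if still missing.
        rec = self.by_user.get((pkt.src, pkt.sport))
        if rec is not None and rec.proxy_addr is None:
            rec.proxy_addr, rec.proxy_port = outbound
            self.by_proxy[outbound] = rec
        return rec

    def proxy_to_server(self, pkt: Packet) -> Optional[Packet]:
        # Proxy -> server: look up by source (proxy address/port) and
        # restore the user's address/port as the source.
        rec = self.by_proxy.get((pkt.src, pkt.sport))
        if rec is None:
            return None  # assumption: drop when no record matches
        return replace(pkt, src=rec.user_addr, sport=rec.user_port)

    def server_to_client(self, pkt: Packet) -> Optional[Packet]:
        # Server -> client: look up by destination (user address/port)
        # and redirect to the proxy address/port in the record.
        rec = self.by_user.get((pkt.dst, pkt.dport))
        if rec is None or rec.proxy_addr is None:
            return None
        return replace(pkt, dst=rec.proxy_addr, dport=rec.proxy_port)

    def proxy_to_client(self, pkt: Packet) -> Optional[Packet]:
        # Proxy -> client: look up by destination (user address/port) and
        # present the target's address/port as the source.
        rec = self.by_user.get((pkt.dst, pkt.dport))
        if rec is None:
            return None
        return replace(pkt, src=rec.target_addr, sport=rec.target_port)


def walk_through():
    # Constructed sample endpoints (documentation address ranges).
    user, target = ("192.0.2.10", 51000), ("203.0.113.80", 443)
    listen, outbound = ("198.51.100.1", 8443), ("198.51.100.1", 40001)
    ct = ConnTrack(listen)
    to_proxy = ct.client_to_server(Packet(*user, *target))
    ct.proxy_fill(to_proxy, outbound)
    to_server = ct.proxy_to_server(Packet(*outbound, *target))
    reply_in = ct.server_to_client(Packet(*target, *user))
    to_client = ct.proxy_to_client(Packet(*listen, *user))
    stray = ct.server_to_client(Packet(*target, "192.0.2.99", 1234))
    return to_proxy, to_server, reply_in, to_client, stray


if __name__ == "__main__":
    for p in walk_through():
        print(p)
```

Records here are keyed on the user address and port alone, as the text describes, and stay in the table indefinitely; record expiry is not described in the text above and is not modelled.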
The anonymous intermediate proxy server provided by the invention collects and transmits data through the data transmission module, translates packet addresses through the data processing module, and audits data through the intermediate proxy module. As a result, audited content is sent to the server end using the data packet's source address and the address of the intermediate proxy server is hidden. This solves the problems of existing man-in-the-middle proxy technology, which uses its own IP address when communicating with the target server: access is denied because the same IP address accesses too frequently, and the proxy server can be detected by malicious saboteurs and then attacked over the network. In addition, by establishing the connection tracking table, the data processing module can translate packet contents quickly and effectively when performing address translation, which improves network transmission efficiency, avoids duplicated work and improves the user experience.
The present invention also provides a communication method for an anonymous intermediate proxy server. The proxy server is used for communication between a client and a server end; the client is connected to the server end through a dedicated inline device, the dedicated inline device is connected to the intermediate proxy server, and the dedicated inline device diverts the data packets that need to be proxied to the intermediate proxy server according to configured rules. The method is characterized in that it comprises the following steps:
S1. The data transmission module captures, in real time, the data packets diverted by the dedicated inline device and sends them to the data processing module;
S2. The data processing module performs address translation on the data packet according to the packet's type and the connection tracking table, and sends the translated packet to the intermediate proxy module;
S3. The intermediate proxy module audits the communication content of the data packet and sends the audited packet to the data processing module;
S4. The data processing module performs address translation on the data packet according to the packet's type and the connection tracking table, and sends the translated packet to the data transmission module;
S5. The data transmission module forwards the data packets submitted by the data processing module to the dedicated inline device.
Specifically, in an embodiment of the present invention, step S2 comprises:
When the received data packet is data sent by the client to the server end, the data processing module changes the packet's destination address and destination port to the address and port of the intermediate proxy module and then sends it to the intermediate proxy module. When the received data packet is data sent by the server end to the client, the data processing module looks up the connection tracking table by the packet's destination address and destination port, changes the packet's destination IP and destination port to the proxy address and proxy port in the matching record, and then sends it to the intermediate proxy module.
Specifically, in an embodiment of the present invention, step S4 comprises:
When the received data packet is data sent by the intermediate proxy module to the client, the data processing module queries the connection tracking table by destination IP and destination port, changes the packet's source address and source port to the target address and target port in the matching record, and then sends it to the data transmission module. When the received data packet is data sent by the intermediate proxy module to the server end, the data processing module looks up the connection tracking table by source address and source port, changes the packet's source address and source port to the user address and user port in the matching record, and then sends it to the data transmission module.
Specifically, in an embodiment of the present invention, the connection tracking table contains multiple records, and each record contains a user address, user port, target address, target port, proxy address and proxy port.
Specifically, in an embodiment of the present invention, the method further comprises:
When receiving a data packet, the data processing module extracts the source address, source port, destination address and destination port from the packet and looks up the connection tracking table using the source address and source port; if no record is found, it creates a new record in the connection tracking table for that source address and source port and fills in the user address, user port, target address and target port.
Specifically, in an embodiment of the present invention, the method further comprises: when receiving a data packet, the intermediate proxy module extracts the source address and source port from the packet, looks up the connection tracking table by source address and source port, and finds the corresponding record; when the record does not contain a proxy address and proxy port, it fills in the proxy address and proxy port.
It should be understood that the system provided by the above embodiment is illustrated only by the division into the functional modules described above. In practice, the functions may be assigned to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to perform all or part of the functions described above. In addition, the system and method embodiments provided above belong to the same concept; for the specific implementation process, see the description of the method embodiment, which is not repeated here.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be carried out by hardware, or by a program instructing the relevant hardware, and the program may be stored in a computer-readable storage medium. The control or switching functions mentioned above are implemented by a controller, which may be a central processing unit (Central Processing Unit, CPU), another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor may be a microprocessor or any conventional processor. The memory mentioned above may be a storage device built into the terminal, such as a hard disk or internal memory. The system further comprises a memory, which may also be an external storage device of the system, such as a plug-in hard disk, smart media card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card or flash card (Flash Card). The memory may also comprise both an internal storage unit of the system and an external storage device, and is used to store the computer program and other required programs and information. The memory may also be used to temporarily store data that has been output or is about to be output.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
1. An anonymous intermediate proxy server for communication between a client and a server end, wherein the client is connected to the server end through a dedicated inline device, the dedicated inline device is connected to the intermediate proxy server, and the dedicated inline device diverts the data packets that need to be proxied to the intermediate proxy server according to configured rules, characterized in that the intermediate proxy server comprises a data transmission module, a data processing module and an intermediate proxy module, wherein:
the data transmission module is configured to capture, in real time, the data packets diverted by the dedicated inline device and send them to the data processing module, and also to forward the data packets submitted by the data processing module to the dedicated inline device;
the data processing module is configured to perform address translation on a data packet according to the packet's type and a connection tracking table, and to send the translated packet to the intermediate proxy module or the data transmission module;
the intermediate proxy module is configured to audit the communication content of the data packet and send the audited packet to the data processing module.
2. The anonymous intermediate proxy server according to claim 1, characterized in that:
when the received data packet is data sent by the client to the server end, the data processing module changes the destination address and destination port of the data packet to the address and port of the intermediate proxy module and then sends the packet to the intermediate proxy module;
when the received data packet is data sent by the server end to the client, the data processing module looks up the connection tracking table by the destination address and destination port of the data packet, changes the destination IP and destination port of the data packet to the proxy address and proxy port in the record found, and then sends the packet to the intermediate proxy module;
when the received data packet is data sent by the intermediate proxy module to the client, the data processing module queries the connection tracking table by the destination IP and destination port, changes the source address and source port of the data packet to the destination address and target port in the record found, and then sends the packet to the data transmission module;
when the received data packet is data sent by the intermediate proxy module to the server end, the data processing module looks up the connection tracking table by the source address and source port, changes the source address and source port of the data packet to the user address and user port in the record found, and then sends the packet to the data transmission module.
3. The anonymous intermediate proxy server according to claim 1, characterized in that the connection tracking table comprises multiple records, each record comprising a user address, a user port, a destination address, a target port, a proxy address and a proxy port.
4. The anonymous intermediate proxy server according to claim 3, characterized in that the data processing module is further configured, on receiving a data packet, to extract the source address, source port, destination address and destination port from the data packet and to look up the connection tracking table using the source address and source port; if no record is found, it creates a new record in the connection tracking table for that source address and source port and fills in the user address, user port, destination address and target port.
5. The anonymous intermediate proxy server according to claim 4, characterized in that the intermediate proxy module is further configured, on receiving a data packet, to extract the source address and source port from the data packet, look up the connection tracking table by the source address and source port to find the corresponding record, and, when the record does not contain a proxy address and proxy port, fill in the proxy address and proxy port.
6. A communication method for an anonymous intermediate proxy server, the proxy server being used for communication between a client and a server end, wherein the client is connected to the server end through a dedicated concatenation device, the dedicated concatenation device is connected to the intermediate proxy server, and the dedicated concatenation device diverts the data packets that need to be proxied to the intermediate proxy server according to configured rules, characterized in that the method comprises the following steps:
S1. the data transmission module captures, in real time, the data packets diverted by the dedicated concatenation device and sends them to the data processing module;
S2. the data processing module performs address translation on the data packet according to the type of the data packet and the connection tracking table, and sends the translated data packet to the intermediate proxy module;
S3. the intermediate proxy module audits the communication content of the data packet and sends the audited data packet to the data processing module;
S4. the data processing module performs address translation on the data packet according to the type of the data packet and the connection tracking table, and sends the translated data packet to the data transmission module;
S5. the data transmission module forwards the data packet submitted by the data processing module to the dedicated concatenation device.
7. The communication method for an anonymous intermediate proxy server according to claim 6, characterized in that step S2 comprises:
when the received data packet is data sent by the client to the server end, the data processing module changes the destination address and destination port of the data packet to the address and port of the intermediate proxy module and then sends the packet to the intermediate proxy module; when the received data packet is data sent by the server end to the client, the data processing module looks up the connection tracking table by the destination address and destination port of the data packet, changes the destination IP and destination port of the data packet to the proxy address and proxy port in the record found, and then sends the packet to the intermediate proxy module;
and step S4 comprises:
when the received data packet is data sent by the intermediate proxy module to the client, the data processing module queries the connection tracking table by the destination IP and destination port, changes the source address and source port of the data packet to the destination address and target port in the record found, and then sends the packet to the data transmission module; when the received data packet is data sent by the intermediate proxy module to the server end, the data processing module looks up the connection tracking table by the source address and source port, changes the source address and source port of the data packet to the user address and user port in the record found, and then sends the packet to the data transmission module.
8. The communication method for an anonymous intermediate proxy server according to claim 6, characterized in that the connection tracking table comprises multiple records, each record comprising a user address, a user port, a destination address, a target port, a proxy address and a proxy port.
9. The communication method for an anonymous intermediate proxy server according to claim 8, characterized in that it further comprises:
on receiving a data packet, the data processing module extracts the source address, source port, destination address and destination port from the data packet and looks up the connection tracking table using the source address and source port; if no record is found, it creates a new record in the connection tracking table for that source address and source port and fills in the user address, user port, destination address and target port.
10. The communication method for an anonymous intermediate proxy server according to claim 9, characterized in that it further comprises: on receiving a data packet, the intermediate proxy module extracts the source address and source port from the data packet, looks up the connection tracking table by the source address and source port to find the corresponding record, and, when the record does not contain a proxy address and proxy port, fills in the proxy address and proxy port.
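The address rewrites in claims 2 to 5 (and the matching method steps in claims 7 to 10) can be traced with a small simulation. This is an added example, not code from the patent: the class and method names, the constructed sample addresses, the choice of which record field each lookup matches, and dropping a packet when no record is found are all assumptions of the example.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

Endpoint = Tuple[str, int]              # (address, port)

@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint

@dataclass
class Record:                           # one connection tracking record (claims 3 and 8)
    user: Endpoint                      # user address, user port
    dest: Endpoint                      # destination address, target port
    proxy: Optional[Endpoint] = None    # proxy address, proxy port (filled in later)

class DataProcessing:                   # hypothetical name for the data processing module
    def __init__(self, proxy_listen: Endpoint):
        self.proxy_listen = proxy_listen    # where the intermediate proxy module listens
        self.table = []

    def _find(self, field: str, value: Endpoint) -> Optional[Record]:
        return next((r for r in self.table if getattr(r, field) == value), None)

    def client_to_server(self, pkt: Packet) -> Packet:
        # Claims 4/9: create the record on a miss. Claims 2/7: dst -> proxy module.
        if self._find("user", pkt.src) is None:
            self.table.append(Record(user=pkt.src, dest=pkt.dst))
        return replace(pkt, dst=self.proxy_listen)

    def proxy_fill(self, client_src: Endpoint, outbound: Endpoint) -> None:
        # Claims 5/10: the proxy module completes the record with its own address/port.
        rec = self._find("user", client_src)
        if rec is not None and rec.proxy is None:
            rec.proxy = outbound

    def proxy_to_server(self, pkt: Packet) -> Optional[Packet]:
        rec = self._find("proxy", pkt.src)          # src -> user address/port
        return replace(pkt, src=rec.user) if rec else None   # assumed: drop on miss

    def server_to_client(self, pkt: Packet) -> Optional[Packet]:
        rec = self._find("user", pkt.dst)           # dst -> proxy address/port
        return replace(pkt, dst=rec.proxy) if rec and rec.proxy else None

    def proxy_to_client(self, pkt: Packet) -> Optional[Packet]:
        rec = self._find("user", pkt.dst)           # src -> original destination
        return replace(pkt, src=rec.dest) if rec else None

if __name__ == "__main__":
    # Constructed sample endpoints (documentation address ranges).
    client, server = ("192.0.2.10", 40000), ("198.51.100.7", 443)
    dp = DataProcessing(("10.0.0.5", 8080))
    print(dp.client_to_server(Packet(client, server)))
    dp.proxy_fill(client, ("10.0.0.5", 51000))
    print(dp.proxy_to_server(Packet(("10.0.0.5", 51000), server)))
```

The packet that leaves toward the server carries the client's address and port as its source, so the proxy's own address never appears on the wire.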
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811568091.3A CN109803030A (en) | 2018-12-20 | 2018-12-20 | A kind of anonymity intermediate proxy server and its communication means |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109803030A (en) | 2019-05-24 |
Family
ID=66557339
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811568091.3A Pending CN109803030A (en) | 2018-12-20 | 2018-12-20 | A kind of anonymity intermediate proxy server and its communication means |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109803030A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102055672A (en) * | 2010-12-27 | 2011-05-11 | 北京星网锐捷网络技术有限公司 | Control method for data flow transmission route, device and route equipment |
CN103428095A (en) * | 2013-08-26 | 2013-12-04 | 深信服网络科技(深圳)有限公司 | Proxy server and proxy method thereof |
CN106657438A (en) * | 2016-12-05 | 2017-05-10 | 深圳市任子行科技开发有限公司 | Anti-tracing network proxy method and system |
CN108848202A (en) * | 2018-06-21 | 2018-11-20 | Oppo(重庆)智能科技有限公司 | electronic device, data transmission method and related product |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111478880A (en) * | 2020-03-03 | 2020-07-31 | 视联动力信息技术股份有限公司 | Data processing method and device |
CN111478880B (en) * | 2020-03-03 | 2022-12-23 | 视联动力信息技术股份有限公司 | Data processing method and device |
CN112217715A (en) * | 2020-09-27 | 2021-01-12 | 辽宁便利电科技有限公司 | Intelligent dynamic gateway system with repeated interaction of complex data |
WO2023016470A1 (en) * | 2021-08-10 | 2023-02-16 | 华为技术有限公司 | Method, apparatus and system for processing ping message |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20190524 |